diff --git a/changelog/v0.36.7/env-template-sources.yaml b/changelog/v0.36.7/env-template-sources.yaml
new file mode 100644
index 000000000..6ead8753a
--- /dev/null
+++ b/changelog/v0.36.7/env-template-sources.yaml
@@ -0,0 +1,13 @@
+changelog:
+ - type: FIX
+ issueLink: https://github.com/solo-io/skv2/issues/565
+ description: >
+ Add support for other sources in templated env vars field.
+ skipCI: "false"
+ - type: NON_USER_FACING
+ description: >
+ Reorder the priority of the environment variables to be loaded in the following order:
+ 1. Templated environment variables
+ 2. Environment variables
+ 3. Extra environment variables
+ skipCI: "false"
\ No newline at end of file
diff --git a/ci/oss_compliance/osa_provided.md b/ci/oss_compliance/osa_provided.md
index cedcc228b..69bc7e83f 100644
--- a/ci/oss_compliance/osa_provided.md
+++ b/ci/oss_compliance/osa_provided.md
@@ -51,7 +51,7 @@ Name|Version|License
 [config/v1alpha1](https://k8s.io/component-base/config/v1alpha1)|v0.28.3|Apache License 2.0
 [v2/internal](https://k8s.io/klog/v2/internal)|v2.100.1|Apache License 2.0
 [kube-openapi/pkg](https://k8s.io/kube-openapi/pkg)|v0.0.0-20230717233707-2695361300d9|Apache License 2.0
-[k8s.io/utils](https://k8s.io/utils)|v0.0.0-20230406110748-d93618cff8a2|Apache License 2.0
+[k8s.io/utils](https://k8s.io/utils)|v0.0.0-20240502163921-fe8a2dddb1d0|Apache License 2.0
 [controller-runtime/pkg](https://sigs.k8s.io/controller-runtime/pkg)|v0.16.3|Apache License 2.0
 [encoding/json](https://sigs.k8s.io/json/internal/golang/encoding/json)|v0.0.0-20221116044647-bc3834ca7abd|Apache License 2.0
 [structured-merge-diff/v4](https://sigs.k8s.io/structured-merge-diff/v4)|v4.2.3|Apache License 2.0
diff --git a/codegen/cmd_test.go b/codegen/cmd_test.go
index 2a0ce0a8d..f914ce1d2 100644
--- a/codegen/cmd_test.go
+++ b/codegen/cmd_test.go
@@ -10,27 +10,26 @@ import ( "reflect" "strings" - goyaml "gopkg.in/yaml.v3" - rbacv1 "k8s.io/api/rbac/v1" - v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - "k8s.io/utils/pointer" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - . "github.com/solo-io/skv2/codegen" - "github.com/solo-io/skv2/codegen/model" - . "github.com/solo-io/skv2/codegen/model" - "github.com/solo-io/skv2/codegen/skv2_anyvendor" - "github.com/solo-io/skv2/codegen/util" - "github.com/solo-io/skv2/contrib" + goyaml "gopkg.in/yaml.v3" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + v12 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" kubeyaml "k8s.io/apimachinery/pkg/util/yaml" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" + + . "github.com/solo-io/skv2/codegen" + . "github.com/solo-io/skv2/codegen/model" + "github.com/solo-io/skv2/codegen/skv2_anyvendor" + "github.com/solo-io/skv2/codegen/util" + "github.com/solo-io/skv2/contrib" ) var _ = Describe("Cmd", func() { 
@@ -42,6 +41,66 @@ var _ = Describe("Cmd", func() { skv2Imports.External["github.com/solo-io/cue"] = []string{ "encoding/protobuf/cue/cue.proto", } + It("env variable priority", func() { + cmd := &Command{ + Chart: &Chart{ + Data: Data{ + ApiVersion: "v1", + Description: "", + Name: "Painting Operator", + Version: "v0.0.1", + Home: "https://docs.solo.io/skv2/latest", + Sources: []string{ + "https://github.com/solo-io/skv2", + }, + }, + Operators: []Operator{{ + Name: "painter", + Deployment: Deployment{ + Container: Container{ + Image: Image{Repository: "painter", Tag: "v0.0.1"}, + Env: []v1.EnvVar{{Name: "ENV_VAR", Value: "default"}}, + TemplateEnvVars: []TemplateEnvVar{ + { + Condition: "$.Values.secret", + Name: "ENV_VAR", + Value: "templated", + }, + }, + }, + }, + }}, + }, + ManifestRoot: "codegen/test/chart/env-priority", + } + Expect(cmd.Execute()).NotTo(HaveOccurred(), "failed to execute command") + + manifests := helmTemplate("./test/chart/env-priority", map[string]any{"painter": map[string]any{"enabled": true}, "secret": true}) + var renderedDeployment *appsv1.Deployment + decoder := kubeyaml.NewYAMLOrJSONDecoder(bytes.NewBuffer(manifests), 4096) + for { + obj := &unstructured.Unstructured{} + err := decoder.Decode(obj) + if err != nil { + break + } + if obj.GetName() != "painter" || obj.GetKind() != "Deployment" { + continue + } + + bytes, err := obj.MarshalJSON() + Expect(err).NotTo(HaveOccurred()) + renderedDeployment = &appsv1.Deployment{} + err = json.Unmarshal(bytes, renderedDeployment) + Expect(err).NotTo(HaveOccurred()) + } + Expect(renderedDeployment).NotTo(BeNil()) + + Expect(renderedDeployment.Spec.Template.Spec.Containers[0].Env).To(HaveLen(2)) + Expect(renderedDeployment.Spec.Template.Spec.Containers[0].Env[0]).To(Equal(v1.EnvVar{Name: "ENV_VAR", Value: "templated"})) + Expect(renderedDeployment.Spec.Template.Spec.Containers[0].Env[1]).To(Equal(v1.EnvVar{Name: "ENV_VAR", Value: "default"})) + }) + It("install conditional sidecars", func() { 
agentConditional := "and ($.Values.glooAgent.enabled) ($.Values.glooAgent.runAsSidecar)" @@ -111,6 +170,30 @@ var _ = Describe("Cmd", func() { Repository: "gloo-mesh-mgmt-server", Tag: "0.0.1", }, + TemplateEnvVars: []TemplateEnvVar{ + { + Name: "USERNAME", + ValueFrom: v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "{{ $.Values.someSecret }}", + }, + Key: "{{ $.Values.usernameKey }}", + }, + }, + }, + { + Name: "PASSWORD", + ValueFrom: v1.EnvVarSource{ + ConfigMapKeyRef: &v1.ConfigMapKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "{{ $.Values.someConfigMap }}", + }, + Key: "{{ $.Values.passwordKey }}", + }, + }, + }, + }, ContainerPorts: []ContainerPort{{ Name: "stats", Port: "{{ $Values.glooMgmtServer.statsPort }}", @@ -155,6 +238,11 @@ var _ = Describe("Cmd", func() { Expect(deployment).To(ContainSubstring("name: agent-volume")) Expect(deployment).To(ContainSubstring(`{{ index $glooAgent "ports" "grpc" }}`)) Expect(deployment).To(ContainSubstring("{{ $Values.glooMgmtServer.statsPort }}")) + + Expect(deployment).To(ContainSubstring("{{ $.Values.usernameKey }}")) + Expect(deployment).To(ContainSubstring("{{ $.Values.passwordKey }}")) + Expect(deployment).To(ContainSubstring("{{ $.Values.someSecret }}")) + Expect(deployment).To(ContainSubstring("{{ $.Values.someConfigMap }}")) }) It("generates conditional crds", func() { cmd := &Command{ 
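Review bot: The decode loop in the new `env variable priority` test (codegen/cmd_test.go) leaves on any `decoder.Decode` error via `if err != nil { break }`, so a malformed document in the rendered chart ends the scan exactly like end-of-input and is never reported; break only on end-of-input and assert on everything else, e.g. `if errors.Is(err, io.EOF) { break }` followed by `Expect(err).NotTo(HaveOccurred())` (this assumes `errors` and `io` are imported in the file, which the hunk does not show). Inside the same loop, `bytes, err := obj.MarshalJSON()` shadows the `bytes` package used a few lines above for `bytes.NewBuffer`; a local name such as `raw` avoids that. The closing assertions pin two entries that are both named `ENV_VAR`, and list order alone does not say which value the container ends up with, so a one-line comment stating which entry is meant to take effect would make the test's notion of "priority" explicit.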
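Review bot: In the `TemplateEnvVars` fixture added to the container whose image repository is `gloo-mesh-mgmt-server`, `PASSWORD` is sourced through `ConfigMapKeyRef` while `USERNAME` goes through `SecretKeyRef`; ConfigMaps are not the place for credentials, and fixtures like this tend to be copied into real charts. Swapping the two sources, or giving the ConfigMap-backed variable a non-sensitive name, still covers both source kinds without modelling that pattern. The matching assertions in the following hunk (`ContainSubstring("{{ $.Values.passwordKey }}")` and the three beside it) only check that each placeholder appears somewhere in the rendered file, so they would still pass if a key were emitted under the wrong `*KeyRef`; asserting on `secretKeyRef:` / `configMapKeyRef:` together with the key would tighten them. The enclosing struct literal starts and ends outside this hunk.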
@@ -772,13 +860,11 @@ var _ = Describe("Cmd", func() { } Expect(renderedDeployment).NotTo(BeNil()) - pointerBool := func(b bool) *bool { return &b } - pointerInt64 := func(i int64) *int64 { return &i } defaultSecurityContext := v1.SecurityContext{ - RunAsNonRoot: pointerBool(true), - RunAsUser: pointerInt64(10101), - ReadOnlyRootFilesystem: pointerBool(true), - AllowPrivilegeEscalation: pointerBool(false), + RunAsNonRoot: ptr.To(true), + RunAsUser: ptr.To[int64](10101), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), Capabilities: &v1.Capabilities{ Drop: []v1.Capability{"ALL"}, }, @@ -798,8 +884,8 @@ var _ = Describe("Cmd", func() { Entry("renders empty map for container security context when set as false via helm cli", nil, true), Entry("overrides container security context with empty map", &v1.SecurityContext{}, false), Entry("overrides container security context", &v1.SecurityContext{ - RunAsNonRoot: func(b bool) *bool { return &b }(true), - RunAsUser: func(i int64) *int64 { return &i }(20202), + RunAsNonRoot: ptr.To(true), + RunAsUser: ptr.To[int64](20202), }, false), ) @@ -1928,7 +2014,7 @@ roleRef: ) DescribeTable("rendering conditional deployment strategy", - func(values map[string]any, conditionalStrategy []model.ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) { + func(values map[string]any, conditionalStrategy []ConditionalStrategy, expectedStrategy appsv1.DeploymentStrategy) { cmd := &Command{ Chart: &Chart{ Operators: []Operator{ @@ -1999,7 +2085,7 @@ roleRef: ), Entry("when the condition is true", map[string]any{"enabled": true, "condition": true}, - []model.ConditionalStrategy{ + []ConditionalStrategy{ { Condition: "$.Values.painter.condition", Strategy: appsv1.DeploymentStrategy{ 
@@ -2019,7 +2105,7 @@ roleRef: ), Entry("when the condition is false", map[string]any{"enabled": true, "condition": false}, - []model.ConditionalStrategy{ + []ConditionalStrategy{ { Condition: "$.Values.painter.condition", Strategy: appsv1.DeploymentStrategy{ @@ -2114,23 +2200,23 @@ roleRef: map[string]interface{}{"fsGroup": 1000}, nil, &v1.PodSecurityContext{ - FSGroup: pointer.Int64(1000), + FSGroup: ptr.To[int64](1000), }), Entry("when PodSecurityContext is defined only in the operator", nil, &v1.PodSecurityContext{ - FSGroup: pointer.Int64(1000), + FSGroup: ptr.To[int64](1000), }, &v1.PodSecurityContext{ - FSGroup: pointer.Int64(1000), + FSGroup: ptr.To[int64](1000), }), Entry("when PodSecurityContext is defined in both values and the operator", map[string]interface{}{"fsGroup": 1024}, &v1.PodSecurityContext{ - FSGroup: pointer.Int64(1000), + FSGroup: ptr.To[int64](1000), }, &v1.PodSecurityContext{ - FSGroup: pointer.Int64(1024), // should override the value defined in the operator + FSGroup: ptr.To[int64](1024), // should override the value defined in the operator }), ) @@ -2229,7 +2315,9 @@ roleRef: Value: "{{ $.Values.featureGates.Foo | quote }}", }, }, - nil), + []v1.EnvVar{ + {Name: "FEATURE_ENABLE_FOO", Value: "true"}, + }), Entry("when Env and TemplateEnvVar are specified, true value", map[string]string{"Foo": "true"}, []v1.EnvVar{ @@ -2318,7 +2406,7 @@ roleRef: }) DescribeTable("validation", - func(values map[string]any, defaultVolumes []v1.Volume, conditionalVolumes []model.ConditionalVolume, expected []v1.Volume) { + func(values map[string]any, defaultVolumes []v1.Volume, conditionalVolumes []ConditionalVolume, expected []v1.Volume) { cmd := &Command{ Chart: &Chart{ Operators: []Operator{ @@ -2412,7 +2500,7 @@ roleRef: "condition": "true", }, nil, - []model.ConditionalVolume{ + []ConditionalVolume{ { Condition: "$.Values.painter.condition", Volume: v1.Volume{ 
@@ -2432,7 +2520,7 @@ roleRef: "condition": "true", }, nil, - []model.ConditionalVolume{ + []ConditionalVolume{ { Condition: "$.Values.painter.invalidCondition", Volume: v1.Volume{ @@ -2452,7 +2540,7 @@ roleRef: Name: "vol-1", }, }, - []model.ConditionalVolume{ + []ConditionalVolume{ { Condition: "$.Values.painter.condition", Volume: v1.Volume{ @@ -2484,7 +2572,7 @@ roleRef: }) DescribeTable("validation", - func(values map[string]any, defaultMounts []v1.VolumeMount, conditionalMounts []model.ConditionalVolumeMount, expected []v1.VolumeMount) { + func(values map[string]any, defaultMounts []v1.VolumeMount, conditionalMounts []ConditionalVolumeMount, expected []v1.VolumeMount) { cmd := &Command{ Chart: &Chart{ Operators: []Operator{ @@ -2580,7 +2668,7 @@ roleRef: "condition": "true", }, nil, - []model.ConditionalVolumeMount{ + []ConditionalVolumeMount{ { Condition: "$.Values.painter.condition", VolumeMount: v1.VolumeMount{ @@ -2600,7 +2688,7 @@ roleRef: "condition": "true", }, nil, - []model.ConditionalVolumeMount{ + []ConditionalVolumeMount{ { Condition: "$.Values.painter.invalidCondition", VolumeMount: v1.VolumeMount{ @@ -2620,7 +2708,7 @@ roleRef: Name: "vol-1", }, }, - []model.ConditionalVolumeMount{ + []ConditionalVolumeMount{ { Condition: "$.Values.painter.condition", VolumeMount: v1.VolumeMount{ diff --git a/codegen/model/chart.go b/codegen/model/chart.go index 78f53cdce..fd46d9a84 100644 --- a/codegen/model/chart.go +++ b/codegen/model/chart.go @@ -173,6 +173,9 @@ type TemplateEnvVar struct { // Helm value // E.g. {{ .Values.foo.bar }} Value string + + // + ValueFrom corev1.EnvVarSource } type ContainerPort struct { diff --git a/codegen/templates/chart/operator-deployment.yamltmpl b/codegen/templates/chart/operator-deployment.yamltmpl index 965053d30..0db26d0eb 100644 --- a/codegen/templates/chart/operator-deployment.yamltmpl +++ b/codegen/templates/chart/operator-deployment.yamltmpl 
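Review bot: The new `ValueFrom corev1.EnvVarSource` field on `TemplateEnvVar` in codegen/model/chart.go is added under an empty `//` comment, so nothing tells a chart author how it relates to `Value`. Going by the template change in this same commit, `Value` is checked first and `ValueFrom` is only rendered when `Value` is empty; a doc comment such as `// ValueFrom sets the variable from a source (secretKeyRef, configMapKeyRef, ...). Ignored when Value is set; its string fields may contain Helm template expressions.` would record that. Because the field is a struct value and not a pointer, an unset `ValueFrom` cannot be told apart from an empty one by a plain truthiness test in the template; since the field is new, declaring it as `*corev1.EnvVarSource` is worth considering. The struct definition begins above the hunk.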
@@ -140,25 +140,34 @@ spec: containerPort: [[ $port.Port ]] [[- end ]] [[- end ]] -{{- if [[ $containerVar ]].env }} +[[- if or $container.Env $container.TemplateEnvVars ]] + env: +[[- else ]] + {{- if or [[ $containerVar ]].env [[ $containerVar ]].extraEnvs }} env: -{{ toYaml [[ $containerVar ]].env | indent 10 }} + {{- end }} +[[- end ]] [[- range $f := $container.TemplateEnvVars ]] -[[- if $f.Condition ]] -{{- if [[ $f.Condition ]] }} -[[- end]] + [[- if $f.Condition ]] + {{- if [[ $f.Condition ]] }} + [[- end ]] + [[- if $f.Value ]] - name: [[ $f.Name ]] value: [[ $f.Value ]] -[[- if $f.Condition ]] -{{- end }} -[[- end]] + [[- else if $f.ValueFrom ]] + - name: [[ $f.Name ]] + valueFrom: [[ $f.ValueFrom | toYaml | nindent 14 ]] + [[- end ]] + [[- if $f.Condition ]] + {{- end }} + [[- end ]] [[- end ]] -{{- else if [[ $containerVar ]].extraEnvs }} - env: +{{- if [[ $containerVar ]].env }} +{{- toYaml [[ $containerVar ]].env | nindent 10 }} {{- end }} {{- range $name, $item := [[ $containerVar ]].extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} [[- if $container.VolumeMounts ]] volumeMounts: diff --git a/codegen/test/chart-conditional-deployment-strategy/templates/deployment.yaml b/codegen/test/chart-conditional-deployment-strategy/templates/deployment.yaml index 9c9ab1ae6..40ea75b0d 100644 --- a/codegen/test/chart-conditional-deployment-strategy/templates/deployment.yaml +++ b/codegen/test/chart-conditional-deployment-strategy/templates/deployment.yaml 
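Review bot: In the rewritten env block of codegen/templates/chart/operator-deployment.yamltmpl, `[[- else if $f.ValueFrom ]]` tests a `corev1.EnvVarSource` struct value, and Go templates treat a struct as non-empty whatever its fields hold, so this branch appears to be taken for every entry whose `Value` is empty, including one with no source set, which would render `valueFrom: {}`. Testing the individual sources, e.g. `[[- else if or $f.ValueFrom.SecretKeyRef $f.ValueFrom.ConfigMapKeyRef $f.ValueFrom.FieldRef $f.ValueFrom.ResourceFieldRef ]]`, or failing generation when neither `Value` nor a source is set, would keep the chart from emitting an entry the API server is likely to reject. Separately, `env:` is now written unconditionally whenever the container has `Env` or `TemplateEnvVars`, so if every templated entry sits behind a false `Condition` and the values supply no `env`/`extraEnvs`, the key renders with a null value; that is probably harmless but deserves a template comment.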
@@ -48,15 +48,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/chart-deployment-strategy/templates/deployment.yaml b/codegen/test/chart-deployment-strategy/templates/deployment.yaml index da16e12c3..1702c267c 100644 --- a/codegen/test/chart-deployment-strategy/templates/deployment.yaml +++ b/codegen/test/chart-deployment-strategy/templates/deployment.yaml @@ -44,15 +44,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/chart-envvars/templates/deployment.yaml b/codegen/test/chart-envvars/templates/deployment.yaml index a0cc21108..0d27bc5a4 100644 --- a/codegen/test/chart-envvars/templates/deployment.yaml +++ b/codegen/test/chart-envvars/templates/deployment.yaml 
@@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/chart-no-desc/templates/deployment.yaml b/codegen/test/chart-no-desc/templates/deployment.yaml index 63ca1bf3c..ff3188163 100644 --- a/codegen/test/chart-no-desc/templates/deployment.yaml +++ b/codegen/test/chart-no-desc/templates/deployment.yaml @@ -50,15 +50,13 @@ spec: imagePullPolicy: {{ $painterImage.pullPolicy }} args: - foo -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} env: +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} @@ -105,15 +103,15 @@ spec: args: - bar - baz -{{- if $palette.env }} - env: -{{ toYaml $palette.env | indent 10 }} -{{- else if $palette.extraEnvs }} + {{- if or $palette.env $palette.extraEnvs }} env: + {{- end }} +{{- if $palette.env }} +{{- toYaml $palette.env | nindent 10 }} {{- end }} {{- range $name, $item := $palette.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} volumeMounts: - mountPath: /etc/paint 
diff --git a/codegen/test/chart-pod-security-context/templates/deployment.yaml b/codegen/test/chart-pod-security-context/templates/deployment.yaml index 543b3977c..97ba1a796 100644 --- a/codegen/test/chart-pod-security-context/templates/deployment.yaml +++ b/codegen/test/chart-pod-security-context/templates/deployment.yaml @@ -43,15 +43,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/chart-readiness/templates/deployment.yaml b/codegen/test/chart-readiness/templates/deployment.yaml index 83d00d696..a5ae169fb 100644 --- a/codegen/test/chart-readiness/templates/deployment.yaml +++ b/codegen/test/chart-readiness/templates/deployment.yaml @@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} 
diff --git a/codegen/test/chart-sidecar-svcport/templates/deployment.yaml b/codegen/test/chart-sidecar-svcport/templates/deployment.yaml index 4839536e7..18e7f6b4d 100644 --- a/codegen/test/chart-sidecar-svcport/templates/deployment.yaml +++ b/codegen/test/chart-sidecar-svcport/templates/deployment.yaml @@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} @@ -86,15 +86,15 @@ spec: - name: sidecar-painter image: {{ $sidecarPainterImage.registry }}/{{ $sidecarPainterImage.repository }}:{{ $sidecarPainterImage.tag }} imagePullPolicy: {{ $sidecarPainterImage.pullPolicy }} -{{- if $sidecarPainter.env }} - env: -{{ toYaml $sidecarPainter.env | indent 10 }} -{{- else if $sidecarPainter.extraEnvs }} + {{- if or $sidecarPainter.env $sidecarPainter.extraEnvs }} env: + {{- end }} +{{- if $sidecarPainter.env }} +{{- toYaml $sidecarPainter.env | nindent 10 }} {{- end }} {{- range $name, $item := $sidecarPainter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $sidecarPainter.resources }} diff --git a/codegen/test/chart-sidecar/templates/deployment.yaml b/codegen/test/chart-sidecar/templates/deployment.yaml index faa9fd5d7..b7a4e2b85 100644 --- a/codegen/test/chart-sidecar/templates/deployment.yaml +++ b/codegen/test/chart-sidecar/templates/deployment.yaml 
@@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} @@ -85,15 +85,15 @@ spec: - name: foo-bar image: {{ $fooBarImage.registry }}/{{ $fooBarImage.repository }}:{{ $fooBarImage.tag }} imagePullPolicy: {{ $fooBarImage.pullPolicy }} -{{- if $fooBar.env }} - env: -{{ toYaml $fooBar.env | indent 10 }} -{{- else if $fooBar.extraEnvs }} + {{- if or $fooBar.env $fooBar.extraEnvs }} env: + {{- end }} +{{- if $fooBar.env }} +{{- toYaml $fooBar.env | nindent 10 }} {{- end }} {{- range $name, $item := $fooBar.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $fooBar.resources }} diff --git a/codegen/test/chart-svcport/templates/deployment.yaml b/codegen/test/chart-svcport/templates/deployment.yaml index f532d199d..fb1db26be 100644 --- a/codegen/test/chart-svcport/templates/deployment.yaml +++ b/codegen/test/chart-svcport/templates/deployment.yaml 
@@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml index 7310b367b..e4158f77e 100644 --- a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml +++ b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml @@ -55,15 +55,23 @@ spec: ports: - name: stats containerPort: {{ $Values.glooMgmtServer.statsPort }} -{{- if $glooMgmtServer.env }} - env: -{{ toYaml $glooMgmtServer.env | indent 10 }} -{{- else if $glooMgmtServer.extraEnvs }} env: + - name: USERNAME + valueFrom: + secretKeyRef: + key: '{{ $.Values.usernameKey }}' + name: '{{ $.Values.someSecret }}' + - name: PASSWORD + valueFrom: + configMapKeyRef: + key: '{{ $.Values.passwordKey }}' + name: '{{ $.Values.someConfigMap }}' +{{- if $glooMgmtServer.env }} +{{- toYaml $glooMgmtServer.env | nindent 10 }} {{- end }} {{- range $name, $item := $glooMgmtServer.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} volumeMounts: - mountPath: /etc/gloo-mesh/license-keys 
@@ -105,15 +113,15 @@ spec: - name: gloo-agent image: {{ $glooAgentImage.registry }}/{{ $glooAgentImage.repository }}:{{ $glooAgentImage.tag }} imagePullPolicy: {{ $glooAgentImage.pullPolicy }} -{{- if $glooAgent.env }} - env: -{{ toYaml $glooAgent.env | indent 10 }} -{{- else if $glooAgent.extraEnvs }} + {{- if or $glooAgent.env $glooAgent.extraEnvs }} env: + {{- end }} +{{- if $glooAgent.env }} +{{- toYaml $glooAgent.env | nindent 10 }} {{- end }} {{- range $name, $item := $glooAgent.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $glooAgent.resources }} @@ -277,15 +285,15 @@ spec: - name: gloo-agent image: {{ $glooAgentImage.registry }}/{{ $glooAgentImage.repository }}:{{ $glooAgentImage.tag }} imagePullPolicy: {{ $glooAgentImage.pullPolicy }} -{{- if $glooAgent.env }} - env: -{{ toYaml $glooAgent.env | indent 10 }} -{{- else if $glooAgent.extraEnvs }} + {{- if or $glooAgent.env $glooAgent.extraEnvs }} env: + {{- end }} +{{- if $glooAgent.env }} +{{- toYaml $glooAgent.env | nindent 10 }} {{- end }} {{- range $name, $item := $glooAgent.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $glooAgent.resources }} diff --git a/codegen/test/chart/env-priority/Chart.yaml b/codegen/test/chart/env-priority/Chart.yaml new file mode 100644 index 000000000..01037b07a --- /dev/null +++ b/codegen/test/chart/env-priority/Chart.yaml @@ -0,0 +1,8 @@ +# Code generated by skv2. DO NOT EDIT. + +apiVersion: v1 +home: https://docs.solo.io/skv2/latest +name: Painting Operator +sources: +- https://github.com/solo-io/skv2 +version: v0.0.1 diff --git a/codegen/test/chart/env-priority/templates/_helpers.tpl b/codegen/test/chart/env-priority/templates/_helpers.tpl new file mode 100644 index 000000000..0c155a127 --- /dev/null +++ b/codegen/test/chart/env-priority/templates/_helpers.tpl 
@@ -0,0 +1,54 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{/* Below are library functions provided by skv2 */}} + +{{- /* + +"skv2.utils.merge" takes an array of three values: +- the top context +- the yaml block that will be merged in (override) +- the name of the base template (source) + +note: the source must be a named template (helm partial). This is necessary for the merging logic. + +The behaviour is as follows, to align with already existing helm behaviour: +- If no source is found (template is empty), the merged output will be empty +- If no overrides are specified, the source is rendered as is +- If overrides are specified and source is not empty, overrides will be merged in to the source. + +Overrides can replace / add to deeply nested dictionaries, but will completely replace lists. +Examples: + +┌─────────────────────┬───────────────────────┬────────────────────────┐ +│ Source (template) │ Overrides │ Result │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ metadata: │ metadata: │ metadata: │ +│ labels: │ labels: │ labels: │ +│ app: gloo │ app: gloo1 │ app: gloo1 │ +│ cluster: useast │ author: infra-team │ author: infra-team │ +│ │ │ cluster: useast │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ lists: │ lists: │ lists: │ +│ groceries: │ groceries: │ groceries: │ +│ - apple │ - grapes │ - grapes │ +│ - banana │ │ │ +└─────────────────────┴───────────────────────┴────────────────────────┘ + +skv2.utils.merge is a fork of a helm library chart function (https://github.com/helm/charts/blob/master/incubator/common/templates/_util.tpl). +This includes some optimizations to speed up chart rendering time, and merges in a value (overrides) with a named template, unlike the upstream +version, which merges two named templates. + +*/ -}} +{{- define "skv2.utils.merge" -}} +{{- $top := first . -}} +{{- $overrides := (index . 1) -}} +{{- $tpl := fromYaml (include (index . 
2) $top) -}} +{{- if or (empty $overrides) (empty $tpl) -}} +{{ include (index . 2) $top }} {{/* render source as is */}} +{{- else -}} +{{- $merged := merge $overrides $tpl -}} +{{- toYaml $merged -}} {{/* render source with overrides as YAML */}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/codegen/test/chart/env-priority/templates/deployment.yaml b/codegen/test/chart/env-priority/templates/deployment.yaml new file mode 100644 index 000000000..b9dd55e12 --- /dev/null +++ b/codegen/test/chart/env-priority/templates/deployment.yaml 
@@ -0,0 +1,134 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{- $painter := $.Values.painter }} +--- + +{{- define "painter.deploymentSpec" }} +# Deployment manifest for painter + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +spec: + selector: + matchLabels: + app: painter + template: + metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + spec: + serviceAccountName: painter + {{- /* Override the default podSecurityContext config if it is set. */}} +{{- if or ($.Values.painter.podSecurityContext) (eq "map[]" (printf "%v" $.Values.painter.podSecurityContext)) }} + securityContext: +{{ toYaml $.Values.painter.podSecurityContext | indent 8 }} +{{- end }} + containers: +{{- $painter := $.Values.painter }} +{{- $painterImage := $painter.image }} + - name: painter + image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} + imagePullPolicy: {{ $painterImage.pullPolicy }} + env: + {{- if $.Values.secret }} + - name: ENV_VAR + value: templated + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} +{{- end }} +{{- range $name, $item := $painter.extraEnvs }} + - name: {{ $name }} + {{- $item | toYaml | nindent 12 }} +{{- end }} + resources: +{{- if $painter.resources }} +{{ toYaml $painter.resources | indent 10}} +{{- else}} + requests: + cpu: 500m + memory: 256Mi +{{- end }} + {{- /* + Render securityContext configs if it is set. + If securityContext is not set, render the default securityContext. + If securityContext is set to 'false', render an empty map. 
+ */}} + securityContext: +{{- if or ($painter.securityContext) (eq "map[]" (printf "%v" $painter.securityContext)) }} +{{ toYaml $painter.securityContext | indent 10}} +{{/* Because securityContext is nil by default we can only perform following conversion if it is a boolean. Skip conditional otherwise. */}} +{{- else if eq (ternary $painter.securityContext true (eq "bool" (printf "%T" $painter.securityContext))) false }} + {} +{{- else}} + runAsNonRoot: true + {{- if not $painter.floatingUserId }} + runAsUser: {{ printf "%.0f" (float64 $painter.runAsUser) }} + {{- end }} + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +{{- end }} + {{- if $painterImage.pullSecret }} + imagePullSecrets: + - name: {{ $painterImage.pullSecret }} + {{- end}} +{{- end }} {{/* define "painter.deploymentSpec" */}} + +{{/* Render painter deployment template with overrides from values*/}} +{{ if $painter.enabled }} +{{- $painterDeploymentOverrides := dict }} +{{- if $painter.deploymentOverrides }} +{{- $painterDeploymentOverrides = $painter.deploymentOverrides }} +{{- end }} +--- +{{ include "skv2.utils.merge" (list . 
$painterDeploymentOverrides "painter.deploymentSpec") }} +{{- end }} +--- +{{ if $painter.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: painter + {{- if $painter.serviceAccount}} + {{- if $painter.serviceAccount.extraAnnotations }} + annotations: + {{- range $key, $value := $painter.serviceAccount.extraAnnotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- end}} + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +{{- end }} + + +{{- define "painter.serviceSpec"}} + +{{- end }} {{/* define "painter.serviceSpec" */}} +{{ if $painter.enabled }} +{{/* Render painter service template with overrides from values*/}} +{{- $painterServiceOverrides := dict }} +{{- if $painter.serviceOverrides }} +{{- $painterServiceOverrides = $painter.serviceOverrides }} +{{- end }} + +--- + +{{ include "skv2.utils.merge" (list . $painterServiceOverrides "painter.serviceSpec") }} +{{- end }} + diff --git a/codegen/test/chart/env-priority/templates/rbac.yaml b/codegen/test/chart/env-priority/templates/rbac.yaml new file mode 100644 index 000000000..feb93b669 --- /dev/null +++ b/codegen/test/chart/env-priority/templates/rbac.yaml @@ -0,0 +1,2 @@ +# Code generated by skv2. DO NOT EDIT. + diff --git a/codegen/test/chart/env-priority/values.yaml b/codegen/test/chart/env-priority/values.yaml new file mode 100644 index 000000000..75c73d244 --- /dev/null +++ b/codegen/test/chart/env-priority/values.yaml @@ -0,0 +1,18 @@ +# Code generated by skv2. DO NOT EDIT. + +painter: + deploymentOverrides: null + env: + - name: ENV_VAR + value: default + extraEnvs: {} + floatingUserId: false + image: + repository: painter + tag: v0.0.1 + ports: {} + runAsUser: 10101 + serviceOverrides: null + serviceType: "" + sidecars: {} + diff --git a/codegen/test/chart/templates/deployment.yaml b/codegen/test/chart/templates/deployment.yaml index a0cc21108..0d27bc5a4 100644 --- a/codegen/test/chart/templates/deployment.yaml 
+++ b/codegen/test/chart/templates/deployment.yaml @@ -40,15 +40,15 @@ spec: - name: painter image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} imagePullPolicy: {{ $painterImage.pullPolicy }} -{{- if $painter.env }} - env: -{{ toYaml $painter.env | indent 10 }} -{{- else if $painter.extraEnvs }} + {{- if or $painter.env $painter.extraEnvs }} env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} {{- end }} {{- range $name, $item := $painter.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painter.resources }} diff --git a/codegen/test/name_override_chart/templates/deployment.yaml b/codegen/test/name_override_chart/templates/deployment.yaml index b39427080..6d1561a17 100644 --- a/codegen/test/name_override_chart/templates/deployment.yaml +++ b/codegen/test/name_override_chart/templates/deployment.yaml @@ -42,15 +42,15 @@ spec: imagePullPolicy: {{ $painterOriginalNameImage.pullPolicy }} args: - foo -{{- if $painterOriginalName.env }} - env: -{{ toYaml $painterOriginalName.env | indent 10 }} -{{- else if $painterOriginalName.extraEnvs }} + {{- if or $painterOriginalName.env $painterOriginalName.extraEnvs }} env: + {{- end }} +{{- if $painterOriginalName.env }} +{{- toYaml $painterOriginalName.env | nindent 10 }} {{- end }} {{- range $name, $item := $painterOriginalName.extraEnvs }} - name: {{ $name }} -{{- $item | toYaml | nindent 12 }} + {{- $item | toYaml | nindent 12 }} {{- end }} resources: {{- if $painterOriginalName.resources }} diff --git a/go.mod b/go.mod index 62518af0a..2c8856488 100644 --- a/go.mod +++ b/go.mod @@ -53,7 +53,7 @@ require ( k8s.io/client-go v0.28.3 k8s.io/code-generator v0.28.3 k8s.io/klog/v2 v2.100.1 - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.16.3 sigs.k8s.io/yaml v1.3.0 ) 
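Review bot: `env` and `extraEnvs` are rendered into the same `env:` list in this hunk, and nothing rejects or collapses a name that is set in both, so such a name appears twice in the container spec. The kubelet resolves a repeated name in favour of the later entry, so an `extraEnvs` value overrides an `env` value, and in the env-priority fixture the `env` default overrides the templated `ENV_VAR`. That precedence is only implied by print order, and newer API servers may warn about the duplicate. I would state it in the template, e.g. `{{- /* env renders before extraEnvs; for a repeated name the later entry takes effect */}}` above the `{{- if $painter.env }}` line, placed in the generator source if this file is generated output. The same applies to the name_override_chart hunk, and the container spec continues outside both hunks.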
diff --git a/go.sum b/go.sum index ce68947ba..ddc75c73b 100644 --- a/go.sum +++ b/go.sum @@ -1440,8 +1440,8 @@ k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/metrics v0.18.0/go.mod h1:8aYTW18koXqjLVKL7Ds05RPMX9ipJZI3mywYvBOxXd4= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/letsencrypt v0.0.1/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=